File _service:tar_scm:Fix-CVE-2024-26146.patch of Package rubygem-rack
From e4c117749ba24a66f8ec5a08eddf68deeb425ccd Mon Sep 17 00:00:00 2001 From: Aaron Patterson <tenderlove@ruby-lang.org> Date: Wed, 21 Feb 2024 11:05:06 -0800 Subject: [PATCH] Fixing ReDoS in header parsing Thanks svalkanov [CVE-2024-26146] --- lib/rack/utils.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index c8e61ea1..0ed64b7a 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -142,8 +142,8 @@ module Rack end def q_values(q_value_header) - q_value_header.to_s.split(/\s*,\s*/).map do |part| - value, parameters = part.split(/\s*;\s*/, 2) + q_value_header.to_s.split(',').map do |part| + value, parameters = part.split(';', 2).map(&:strip) quality = 1.0 if parameters && (md = /\Aq=([\d.]+)/.match(parameters)) quality = md[1].to_f -- 2.25.1
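Review bot: The new part.split(';', 2).map(&:strip) line in q_values changes the result for a whitespace-only segment. For a header such as "a, ,b", the old split(/\s*,\s*/) yielded an empty part and therefore a nil value; the new split(',') yields " ", which strips to an empty-string value instead. If anything downstream distinguishes nil from "", either skip empty values explicitly or note the change in the commit message. The diffstat also shows only lib/rack/utils.rb touched, so consider adding a regression test for q_values that feeds a long run of whitespace with no ',' or ';' (the input shape on which the removed \s*,\s* and \s*;\s* patterns backtrack) and checks that ordinary inputs with spaces around ',' and ';' still parse to the same value and quality pairs.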